2 * Copyright (c) 1999-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * appleCdsa.h - interface between SSL and CDSA
28 #ifndef _APPLE_CDSA_H_
29 #define _APPLE_CDSA_H_ 1
33 #include "sslContext.h"
34 #include <Security/cssmtype.h>
40 extern OSStatus
sslSetUpSymmKey(
43 CSSM_KEYUSE keyUse
, // CSSM_KEYUSE_ENCRYPT, etc.
44 CSSM_BOOL copyKey
, // true: copy keyData false: set by reference
46 size_t keyDataLen
); // in bytes
48 extern OSStatus
sslFreeKey(CSSM_CSP_HANDLE cspHand
,
50 #if ST_KC_KEYS_NEED_REF
51 SecKeychainRef
*kcItem
);
52 #else /* !ST_KC_KEYS_NEED_REF */
54 #endif /* ST_KC_KEYS_NEED_REF*/
56 extern OSStatus
attachToCsp(SSLContext
*ctx
);
57 extern OSStatus
attachToCl(SSLContext
*ctx
);
58 extern OSStatus
attachToTp(SSLContext
*ctx
);
59 extern OSStatus
attachToAll(SSLContext
*ctx
);
60 extern OSStatus
detachFromAll(SSLContext
*ctx
);
62 extern CSSM_DATA_PTR
stMallocCssmData(size_t size
);
63 extern void stFreeCssmData(CSSM_DATA_PTR data
, CSSM_BOOL freeStruct
);
64 extern OSStatus
stSetUpCssmData(CSSM_DATA_PTR data
, size_t length
);
68 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
70 extern OSStatus
sslPubKeyFromCert(
72 const SSLBuffer
*derCert
,
73 CSSM_KEY_PTR
*pubKey
, // RETURNED
74 CSSM_CSP_HANDLE
*cspHand
); // RETURNED
77 * Verify a cert chain.
79 extern OSStatus
sslVerifyCertChain(
81 const SSLCertificate
*certChain
,
85 * Raw RSA/DSA sign/verify.
90 const UInt8
*plainText
,
92 UInt8
*sig
, // mallocd by caller; RETURNED
93 size_t sigLen
, // available
94 size_t *actualBytes
); // RETURNED
96 OSStatus
sslRawVerify(
98 const CSSM_KEY
*pubKey
,
99 CSSM_CSP_HANDLE cspHand
,
100 const UInt8
*plainText
,
103 size_t sigLen
); // available
108 OSStatus
sslRsaEncrypt(
110 const CSSM_KEY
*pubKey
,
111 CSSM_CSP_HANDLE cspHand
,
112 CSSM_PADDING padding
, // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
113 const UInt8
*plainText
,
115 UInt8
*cipherText
, // mallocd by caller; RETURNED
116 size_t cipherTextLen
, // available
117 size_t *actualBytes
); // RETURNED
118 OSStatus
sslRsaDecrypt(
120 SecKeyRef privKeyRef
,
121 CSSM_PADDING padding
, // CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
122 const UInt8
*cipherText
,
123 size_t cipherTextLen
,
124 UInt8
*plainText
, // mallocd by caller; RETURNED
125 size_t plainTextLen
, // available
126 size_t *actualBytes
); // RETURNED
129 * Obtain size of key in bytes.
131 extern uint32
sslKeyLengthInBytes(
132 const CSSM_KEY
*key
);
134 /* Obtain max signature size in bytes. */
135 extern OSStatus
sslGetMaxSigSize(
136 const CSSM_KEY
*privKey
,
140 * Get raw key bits from an RSA public key.
142 OSStatus
sslGetPubKeyBits(
144 const CSSM_KEY
*pubKey
,
145 CSSM_CSP_HANDLE cspHand
,
146 SSLBuffer
*modulus
, // data mallocd and RETURNED
147 SSLBuffer
*exponent
); // data mallocd and RETURNED
150 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
151 * Server-initiated key exchange.
153 OSStatus
sslGetPubKeyFromBits(
155 const SSLBuffer
*modulus
,
156 const SSLBuffer
*exponent
,
157 CSSM_KEY_PTR
*pubKey
, // mallocd and RETURNED
158 CSSM_CSP_HANDLE
*cspHand
); // RETURNED
161 * Given a DER-encoded cert, obtain its DER-encoded subject name.
163 CSSM_DATA_PTR
sslGetCertSubjectName(
165 const CSSM_DATA_PTR cert
);
168 void verifyTrustedRoots(SSLContext
*ctx
,
173 void * stAppMalloc (size_t size
, void *allocRef
);
174 void stAppFree (void *mem_ptr
, void *allocRef
);
175 void * stAppRealloc (void *ptr
, size_t size
, void *allocRef
);
176 void * stAppCalloc (uint32 num
, size_t size
, void *allocRef
);
178 OSStatus
sslDhGenKeyPairClient(
180 const SSLBuffer
*prime
,
181 const SSLBuffer
*generator
,
182 CSSM_KEY_PTR publicKey
, // RETURNED
183 CSSM_KEY_PTR privateKey
); // RETURNED
184 OSStatus
sslDhGenerateKeyPair(
186 const SSLBuffer
*paramBlob
,
187 uint32 keySizeInBits
,
188 CSSM_KEY_PTR publicKey
, // RETURNED
189 CSSM_KEY_PTR privateKey
); // RETURNED
190 OSStatus
sslDhKeyExchange(
192 uint32 deriveSizeInBits
,
193 SSLBuffer
*exchanged
);
194 OSStatus
sslEcdhGenerateKeyPair(
196 SSL_ECDSA_NamedCurve namedCurve
);
197 OSStatus
sslEcdhKeyExchange(
199 SSLBuffer
*exchanged
);
200 OSStatus
sslVerifySelectedCipher(
202 const SSLCipherSpec
*selectedCipherSpec
);
205 * Convert between SSLBuffer and CSSM_DATA, which are after all identical.
206 * No mallocs, just copy the pointer and length.
208 #define SSLBUF_TO_CSSM(sb, cd) { \
209 (cd)->Length = (sb)->length; \
210 (cd)->Data = (sb)->data; \
213 #define CSSM_TO_SSLBUF(cd, sb) { \
214 (sb)->length = (cd)->Length; \
215 (sb)->data = (cd)->Data; \
222 #endif /* _APPLE_CDSA_H_ */